Most breaches are preventable if organizations would follow their own security policies.

Edward Gately, Senior News Editor

March 15, 2022

Nearly every day brings a new slate of ransomware victims, with low-risk, high-reward attacks against all types of organizations.

Now more than ever, partners have to respond intelligently and quickly to help their customers fend off cyberattacks. And if those clients do become ransomware victims, partners must help them get through it with as little damage as possible.

But how do partners accomplish this? We asked the experts.

During this Channel Partners Conference & Expo presentation, “The Cybersecurity All-Star Panel: The Fight Against Ransomware,” April 12, cybersecurity all-stars will provide attendees with expert views on how to navigate ransomware strategies. Those include fighting ransomware, lessons learned from the pandemic, regulatory requirements and when it’s acceptable to pay.

The all-star panel includes:

  • Etay Maor, Cato Networks’ senior director of security strategy.

  • Kevin Johnson, Nfinit’s vice president of product strategy.

  • Ray Watson, Masergy Communications’ vice president of technology.

  • Tony Anscombe, ESET’s chief security evangelist.

In a Q&A, Maor and Johnson give a preview of what they’ll share with attendees.

Channel Futures: Are there right ways and wrong ways for companies to form defense strategy so they don’t become ransomware victims? Moreover, can you give some examples?

Etay Maor: There are many wrong ways to go about your ransomware defense strategy. The first and biggest one is thinking you are not a target for ransomware groups. That assumption needs to go out the window fast. Next is to have a plan in mind, but not just an IT-oriented plan. A ransomware attack is not an IT issue; it is a business issue.

The plan, which should be written, distributed, understood and simulated, should include stakeholders from every relevant group in the company – IT, security, board, HR, PR, legal, etc. In addition to the common best practices (backups, endpoint protection, intrusion detection systems, etc.), organizations should consider having a known law enforcement contact and a ransomware negotiator on retention. They should also understand how to purchase cryptocurrency or have a third party help with that, if that is part of the plan, and understand the laws and regulations. You really don’t want to try and learn this as it is happening. Be prepared.

Kevin Johnson: As with most things in life, there are rights and wrongs, and then a lot of in-betweens depending on what the business can handle. The biggest wrong is to think that your business does not fit the profile to be a target. No business or individual is too big or too small. The biggest hurdle is getting people to understand that ransomware can target companies or individuals, but that is not the only way it spreads. It is just looking for an unlocked door and then wanders in to do its thing. Education and simulation go a long way to help protect an organization.

CF: What aren’t organizations doing that they should be doing to protect themselves and their customers from becoming ransomware victims? Furthermore, how can cybersecurity providers help?

EM: Organizations need to understand that you shouldn’t rely on multiple security point solutions. In every case I have investigated, the attackers were on the victim’s network for days, weeks and sometimes months. Some of the systems, like endpoint protection systems and security logs, had clear alerts that there is malicious activity on the network prior to the ransomware payload deployment.

Why were they missed? Well, with large organizations having 50-70 security systems in place, the poor security analysts are trying to find a needle in a haystack. They effectively have become integration engineers instead of focusing on what they were brought in for, security research. No wonder the burnout is at an all-time high in security, and even more so for CISOs. Organizations need to understand if they are adding fat or muscle every time they add a new security tool; and yes, I blame the security industry for making it complex where simple, yet not simplistic, solutions are in order.

KJ: The recent breaches that I have been around were preventable if the organization would have just followed their own security policies. Those are basics like:

  • Scan a vendor’s PC before you let it on your network.

  • Stay up to date on firewall patches.

  • Don’t use administrator credentials unless you absolutely need to.

  • Segment your network.

  • Institute a least privilege access process.

  • Educate your employees and test them regularly.

Cybersecurity providers can help in all of these areas. Ensure IT knows how to scan new devices. Offer patching services. Review, make recommendations and make changes to firewall rules. Help companies set up phishing campaign test software and education programs.

CF: Are there lessons learned about ransomware from the pandemic? If so, what are those?

EM: No. 1, anyone and everyone is a target for ransomware. No. 2, it’s great to save money with employees working from home, but now you have to secure these employees and their connections to your infrastructure. No. 3, your third-party/supply chain is you. If they get compromised, your data is on the line as well. No. 4, it’s the simple things – misconfigured security solutions, unpatched systems, easy-to-guess passwords, open ports and service, far from real-time network monitoring – it’s easy to become the low-hanging fruit and it’s just as easy to solve that problem.

KJ: Communications plans go out the window and you end up reverting to cellphones and text messaging for communications. Having an individual in the C-suite named in advance to interact with the insurance company is critical. Don’t tell the hackers that you have insurance. Secure sockets layer (SSL) VPN is your friend.

CF: So what do you hope attendees can learn and make use of from this session?

EM: I hope attendees learn from different perspectives and experiences on what they can do to better prepare and respond to ransomware threats. This threat is not going away, and will only continue to grow, especially with the current geopolitical situation. This is a must-know for any organization.

KJ: There are steps you can take to prevent and prepare for ransomware. When you get hit with ransomware, your level of preparation will impact your ability to recover.
